Finding The Right Balance For Cloud Security

Cloud and security are in conflict in the minds of many people. The cloud is all about speed and agility, while security is traditionally a drag that slows things down. The cloud is about ubiquitous access that introduces risk, while security is about minimizing access and risk. At least, that’s what the common perceptions are. The reality is that cloud and security can peacefully coexist if you just find the right balance.

To be fair, much of the common perception of cloud security—or insecurity as the case may be—is just myth. Pervasive myth, but myth nonetheless. A recent report based on analyzing millions of security events gathered over an 18-month period found that public cloud implementations are actually the most secure.

Managing Risk

Still, security frequently impedes productivity. The challenge is to determine how much risk you’re willing to accept and what the appropriate tradeoffs are for you when it comes to balancing operations and security. Tom Conklin, head of security and compliance for Vera, explained that security also needs to embrace the cloud in order to be effective. Conklin declared, “If we become a blocker, users will just shift to shadow IT.”

Much of security boils down to effective risk management. You can’t realistically eliminate all threats or risk, but you can choose what measures you’re willing to put in place to mitigate the risk. This includes developing a strong vendor management and risk assessment process to ensure that the tools you use and the third-party companies you trust don’t weaken your security posture.

Conklin stressed that teams choosing to expose the organization to increased risk should also be responsible for accepting that increased risk. “If a department wants to use a service that doesn't meet company security standards, make sure this is captured in the risk assessment and communicated to leadership. Make the department head / buyer own and sign off on the risk that their vendor introduces.”

Leverage Cloud Security Tools You Already Have

There are a variety of cloud-based features and capabilities that security teams can embrace. Conklin believes that security teams need to leverage the security functionality inherent in cloud services: “For example, use two-factor authentication wherever it is supported, and take advantage of all security options tools offer.”

Understand the Cloud Shared Responsibility Model

Also keep in mind that the cloud service provider is in the business of selling cloud services. Its focus is on helping you spin up cloud assets and resources, not on slowing you down with security. It’s important to understand what your role in cloud security is and what your cloud service provider is responsible for, something that, according to a recent survey, more than 7 in 10 IT professionals apparently fail to understand.

The cloud seems daunting from a traditional security perspective. It’s vast and dynamic, with too many fast-moving parts. When you take a step back, though, and understand that security benefits from the same scalability and agility in the cloud as your servers, applications, and data do, it’s not as scary. You just need to understand what is your responsibility to secure and protect, and embrace cloud-native solutions to minimize your risk without unnecessarily slowing down productivity.

I am Senior Manager of Content Marketing for Alert Logic and Editor-in-Chief of TechSpective. I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also ...